I have trouble logging in to coinpayu.com site using cURL. If you can help I will be so thankful.
~$ curl -v -b --form exampleInputPassword1=coinpayu.bot#Com1 --form exampleInputEmail1=coinpayubot#cutradition.com -H "authtoken: e767f9b3542aef54bf5aaa216df156be521f3c06" https://ssd.coinpayu.com/user/login?lang=null
here is all info about the site:
note: this is just a test login info
Site link: https://www.coinpayu.com/login
Email: coinpayubot#cutradition.com
Password: coinpayu.bot#Com1
and this is a request headers if can be useful
:authority: ssd.coinpayu.com
:method: POST
:path: /user/baseinfo?lang=en-us
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,ar;q=0.8
authtoken: e767f9b3542aef54bf5aaa216df156be521f3c06
cointoken: c2556ee20245a4dfdf08f63431413b098a58c9af
content-length: 10
content-type: application/json;charset=UTF-8
cookie: _ga=GA1.2.925006934.1647155396; PHPSESSID=i6710scfkphppk0stujellr2i0; __cf_bm=BVby4cc1kxX1sdagb3a7EwUrip4PEmX2Q_poxCJKTeM-1647756499-0-Ab7TLJ7qVMRbW5SJY9HZZkRdNw62LVtObnuQA0emrPXntw3CMVQNMDvgQqqNnMvkx4pj5iGvbPrX7Ad0euzX27E+08kBqJpFArYqdbh0LPv9YARZjRSgjPOF2KoMyOR/5A==; coinPayU-cointoken=c2556ee20245a4dfdf08f63431413b098a58c9af
origin: https://www.coinpayu.com
referer: https://www.coinpayu.com/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Related
I have a web page served by FastAPI that on a button click is initiating a POST request using pure Javascript to a route in my API which then should redirect to an external page.
The Javascript:
function submit(url) {
let xhr = new XMLHttpRequest();
xhr.open("POST", url, false);
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.send(); }
In my app FastAPI app, I added the following:
app.add_middleware(
CORSMiddleware,
allow_credentials=True,
allow_origins=['*', 'http://127.0.0.1:8080', 'http://127.0.0.1:8080/OpryW?', 'http://127.0.0.1:8080/OpryW'],
allow_methods=["*"],
allow_headers=["*"],
)
When clicking the button, however, I am still getting a CORS error.
Here are some details about the request:
POST: http://127.0.0.1:8080/OpryW
Request headers:
POST /OpryW HTTP/1.1
Host: 127.0.0.1:8080
Connection: keep-alive
Content-Length: 19
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
sec-ch-ua-platform: "macOS"
Content-Type: application/json
Accept: */*
Origin: http://127.0.0.1:8080
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://127.0.0.1:8080/OpryW?
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Response headers:
HTTP/1.1 307 Temporary Redirect
date: Mon, 01 Nov 2021 20:00:10 GMT
server: uvicorn
location: http://www.google.com
access-control-allow-origin: *
access-control-allow-credentials: true
Transfer-Encoding: chunked
Why am I still getting a CORS error?
Thanks
I have a react application connecting to a Spring Boot backend application, I use JWT to authorize the user at the backend. I am using fetch to make the calls between the front and backend.
Whenever I try to set the headers of the call all the headers get removed including the Cookie (which contains the JWT). I need to set the headers to specify the content-type of the request.
- Call when I do not set the headers (causing 415)
fetch code:
return fetch(`${urlApiGateway}${url}`, {
method: "POST",
body: body,
credentials: "include",
})
Call:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,nl-NL;q=0.8,nl;q=0.7
Connection: keep-alive
Content-Length: 13
content-type: text/plain;charset=UTF-8
Cookie: Authorization=Bearer_eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjYXNwZXIubS50b3JlbjJAZ21haWwuY29tIiwiZXhwIjoxNjI1NDg2MzAzLCJpYXQiOjE2MjUzOTk5MDMsInVzZXIiOnsiaWQiOjIsIm5hbWUiOiJjYXNwZXIiLCJlbWFpbCI6ImNhc3Blci5tLnRvcmVuMkBnbWFpbC5jb20iLCJwYXNzd29yZCI6IiIsInBlcm1pc3Npb25zIjoiQURNSU4ifX0.JdW1M7d8HB71yvP7dupomN-bgD_484HHbxmfnOOmvqM
Host: localhost:8080
Origin: http://localhost:3000
Referer: http://localhost:3000/
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
As you can see the headers are present like 'content-type' and 'Cookie'.
- Call when I do set the headers to prevent 415
fetch code:
return fetch(`${urlApiGateway}${url}`, {
method: "POST",
body: body,
headers: { "Content-Type": "application/json" },
credentials: "include",
})
Call:
It seems to be making 4 call, 2 with the previous fetch settings which where the same (no headers set).
2 of the calls look like this
Provisional headers are shown
content-type: application/json
Referer: http://localhost:3000/
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
and 2 look like this
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,nl-NL;q=0.8,nl;q=0.7
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Connection: keep-alive
Host: localhost:8080
Origin: http://localhost:3000
Referer: http://localhost:3000/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Where, as you can see, the headers are gone including the Cookie and content-type.
- Spring boot cors
#Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins(allowOrigin, "http://localhost:3000")
.allowCredentials(true)
.allowedHeaders("*")
.allowedMethods("GET", "POST", "OPTIONS");
}
I hope someone can help :)
You must pass Authorization Bearer token as header. Try this:
let yourAuthToken = .... // get bearer token from where you store it
return fetch(`${urlApiGateway}${url}`, {
method: "POST",
body: body,
headers: {
'Authorization' : 'Bearer ' + yourAuthToken
}
})
It hadn't anything to do with the js code, it was my cors settings on the backend side. My authorization filter was also being applied to the OPTIONS request which caused a cors error (no http ok status), after changing this it was fixed.
Thank you to all who tried to help me.
When I login the rest_auth API, I get the data:
{"key":"727ac2daf3f0ad2fa1cd13e0905e9941d721f49b","user":{"username":"111111#gmail.com","first_name":"","last_name":"","email":"111112#gmail.com","last_login":"2021-05-18T16:35:12.982804+08:00"}}
but when I use the key as identification to request data, I get 403 forbidden error:
[General]
Request URL: http://127.0.0.1:8000/api/CNAME/list/
Request Method: GET
Status Code: 403 Forbidden
Remote Address: 127.0.0.1:8000
Referrer Policy: strict-origin-when-cross-origin
[Response Headers]
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://127.0.0.1:8080
Allow: GET, HEAD, OPTIONS
Content-Length: 43
Content-Type: application/json
Date: Tue, 18 May 2021 08:35:13 GMT
Server: WSGIServer/0.2 CPython/3.5.2
Vary: Accept, Origin, Cookie
X-Frame-Options: SAMEORIGIN
[Request Headers]
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Authorization: Token 727ac2daf3f0ad2fa1cd13e0905e9941d721f49b
Connection: keep-alive
Host: 127.0.0.1:8000
Origin: http://127.0.0.1:8080
Referer: http://127.0.0.1:8080/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
I have tried some times and looking for the best result in some similar questions but I have not got any rational result, I have got response with postman and js AJAX but not with axios. my header request is as bellow:
:authority: www.sample.com
:method: POST
path: /api/v1/contact
:scheme: https
accept: application/json, text/plain
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,fa;q=0.8
content-length: 549
content-type: application/x-www-form-urlencoded
origin: http://localhost:3000
referer: http://localhost:3000/contact-us
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/83.0.4103.61 Safari/537.36
any idea? thanks a lot.
I've caught this packet sent from my browser to X site when I login:
POST http:/page_to_login HTTP/1.1
Host: host_name
Connection: keep-alive
Content-Length: 63
Accept: application/json, text/javascript, /; q=0.01
Origin: http:/host_name.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Content-Type: application/json; charset=UTF-8
Referer: http://name_host.com
Accept-Encoding: gzip, deflate
Accept-Language: en,it-IT;q=0.8,it;q=0.6,en-US;q=0.4
Cookie: __gads=ID=ba4aa3e1f26167ce:T=1420379969:S=ALNI_Max051cucDaIPAjfr_u43Jz3tF-eQ; mlUserID=qoqCnShSTTHg; ebNewBandWidth_.name_host.com=2137%3A1424452854024; ff11_lastvisit=1424960092; ff11_lastactivity=0; __adnt_intro=1; __utma=85431950.643346397.1420379964.1425039982.1425049087.44; __utmb=85431950.10.10.1425049087; __utmc=85431950; __utmz=85431950.1425032713.42.10.utmcsr=dotnethell.it|utmccn=(referral)|utmcmd=referral|utmcct=/forum/messages.aspx; sly_cook_fc=17313 18 0_; comp_drogat-premier-leagueLeghe2015Quad=0=87834; _ga=GA1.2.643346397.1420379964; _gat=1; rta_nxtml=
And this is how the password and username have sent to the server:
{"u":"my_username","p":"my_password","aliaslega":"","check":"u1-L12"}
How can I encapsulate this information and create js/php functions to automatically login to X site?